Working with FortiGuard IOCs

The following sections describe how to work with FortiGuard malware domains, IPs, and URLs.

Working with FortiGuard Malware Domains

The following sections describe how to enable, disable, and setup a proxy for the FortiGuard Malware domain.

Enabling the FortiGuard IOC Service

To start the FortiGuard IOC service, follow these steps:

  1. Go to RESOURCES > Malware Domains and select the FortiGuard Malware Domain folder.
  2. Select an inactive domain from the table.
  3. Click More > Update. In the Update FortiGuard IOC Service dialog box, select Enable IOC Service.
  4. (Optional) Schedule the starting of the service. See Specifying a schedule.
  5. Click Save.

Disabling the FortiGuard IOC Service

To stop the FortiGuard IOC service, follow these steps:

  1. Go to RESOURCES > Malware Domains and select the FortiGuard Malware Domain folder.
  2. Select an active domain from the table.
  3. Click More > Update. In the Update FortiGuard IOC Service dialog box, select Disable IOC Service.
  4. Click Save.

Using a Proxy for the FortiGuard IOC Service

Follow these steps to use a proxy for the FortiGuard IOC service:

  1. Go to RESOURCES > Malware Domains and select the FortiGuard Malware Domain folder.
  2. Select a domain from the table.
  3. Click More > Update. In the Update FortiGuard IOC Service dialog box, select Use Proxy.
  4. The Mode will be Proxy. Provide the following information:
    1. IP/Host
    2. Port
    3. User Name
    4. Password
  5. Click Save.

Working with FortiGuard Malware IPs

For FortiGuard Malware IPs, go to RESOURCES > Malware IPs, select the FortiGuard Malware IP folder, and repeat the same steps as for FortiGuard Malware Domains.

Working with FortiGuard Malware URLs

For FortiGuard Malware URLs, go to RESOURCES > Malware URLs, select the FortiGuard Malware URL folder, and repeat the same steps as for FortiGuard Malware Domains.